IBM Support

IT40971: MULTIPLE VULNERABILITIES IN IBM JAVA RUNTIME AFFECT STERLING CONNECT:DIRECT FOR WINDOWS (CVE-2021-35550, CVE-2021-35603)

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Users Affected:
    Sterling Connect:Direct for Windows 4.8.0
    Sterling Connect:Direct for Windows 6.0.0
    Sterling Connect:Direct for Windows 6.1.0
    Sterling Connect:Direct for Windows 6.2.0
    
    Problem Description:
    Vulnerabilities have been found in the IBM Runtime Environment
    Java Technology Edition, Version 7 and 8 used by Install Agent
    in IBM Sterling Connect:Direct for Microsoft Windows. IBM
    Sterling Connect:Direct for Microsoft Windows has addressed the
    applicable CVEs CVE-2021-35550 and CVE-2021-35603.
    
    Platforms Affected:
    Windows
    

Local fix

  • STRMFT-13321
    VF / VF
    Circumvention: None
    

Problem summary

  • Users Affected:
    Sterling Connect:Direct for Windows 4.8.0
    Sterling Connect:Direct for Windows 6.0.0
    Sterling Connect:Direct for Windows 6.1.0
    Sterling Connect:Direct for Windows 6.2.0
    
    Problem Description:
    Vulnerabilities have been found in the IBM Runtime Environment
    Java Technology Edition, Version 7 and 8 used by Install Agent
    in IBM Sterling Connect:Direct for Microsoft Windows. IBM
    Sterling Connect:Direct for Microsoft Windows has addressed the
    applicable CVEs CVE-2021-35550 and CVE-2021-35603.
    
    Platforms Affected:
    Windows
    

Problem conclusion

  • Resolution Summary:
    Updated the IBM Runtime Environment Java.
    
    Delivered In:
    Sterling Connect:Direct for Windows 4.8.0.3_iFix045
    Sterling Connect:Direct for Windows 6.0.0.4_iFix052
    Sterling Connect:Direct for Windows 6.1.0.2_iFix043
    Sterling Connect:Direct for Windows 6.2.0.4_iFix005
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT40971

  • Reported component name

    STR CD FOR WIND

  • Reported component ID

    5725C9908

  • Reported release

    620

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2022-06-09

  • Closed date

    2022-06-24

  • Last modified date

    2022-06-24

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR CD FOR WIND

  • Fixed component ID

    5725C9908

Applicable component levels

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRRVY","label":"Sterling Connect:Direct for Microsoft Windows"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"620","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

Document Information

Modified date:
09 August 2022